Do not sanitize links (#944)

Co-authored-by: Ian Seabock (Centific Technologies Inc) <[email protected]>
microsoft · Jun 20, 2024 · e9c8954 · e9c8954
1 parent ea5bec7
commit e9c8954
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 11 deletions.
diff --git a/frontend/src/components/Answer/Answer.tsx b/frontend/src/components/Answer/Answer.tsx
@@ -10,7 +10,7 @@ import remarkGfm from 'remark-gfm'
 import supersub from 'remark-supersub'
 import Plot from 'react-plotly.js'
 import { AskResponse, Citation, Feedback, historyMessageFeedback } from '../../api'
-import { XSSAllowTags } from '../../constants/xssAllowTags'
+import { XSSAllowTags, XSSAllowAttributes } from '../../constants/sanatizeAllowables'
 import { AppStateContext } from '../../state/AppProvider'
 
 import { parseAnswer } from './AnswerParser'
@@ -253,7 +253,7 @@ export const Answer = ({ answer, onCitationClicked, onExectResultClicked }: Prop
                 remarkPlugins={[remarkGfm, supersub]}
                 children={
                   SANITIZE_ANSWER
-                    ? DOMPurify.sanitize(parsedAnswer.markdownFormatText, { ALLOWED_TAGS: XSSAllowTags })
+                    ? DOMPurify.sanitize(parsedAnswer.markdownFormatText, { ALLOWED_TAGS: XSSAllowTags, ALLOWED_ATTR: XSSAllowAttributes })
                     : parsedAnswer.markdownFormatText
                 }
                 className={styles.answerText}

diff --git a/frontend/src/constants/xssAllowTags.ts → frontend/src/constants/sanatizeAllowables.ts b/frontend/src/constants/xssAllowTags.ts → frontend/src/constants/sanatizeAllowables.ts
@@ -42,3 +42,5 @@ export const XSSAllowTags = [
   'ol',
   'li'
 ]
+
+export const XSSAllowAttributes = ['href']
diff --git a/frontend/src/pages/chat/Chat.tsx b/frontend/src/pages/chat/Chat.tsx
@@ -13,7 +13,7 @@ import { nord } from 'react-syntax-highlighter/dist/esm/styles/prism'
 
 import styles from './Chat.module.css'
 import Contoso from '../../assets/Contoso.svg'
-import { XSSAllowTags } from '../../constants/xssAllowTags'
+import { XSSAllowTags } from '../../constants/sanatizeAllowables'
 
 import {
   ChatMessage,
@@ -32,7 +32,6 @@ import {
   CosmosDBStatus,
   ErrorMessage,
   ExecResults,
-  AzureSqlServerCodeExecResult
 } from "../../api";
 import { Answer } from "../../components/Answer";
 import { QuestionInput } from "../../components/QuestionInput";

diff --git a/static/assets/index-252b88f2.js → static/assets/index-2e11eaf6.js b/static/assets/index-252b88f2.js → static/assets/index-2e11eaf6.js
diff --git a/static/assets/index-252b88f2.js.map → static/assets/index-2e11eaf6.js.map b/static/assets/index-252b88f2.js.map → static/assets/index-2e11eaf6.js.map
diff --git a/static/index.html b/static/index.html
@@ -5,7 +5,7 @@
     <link rel="icon" type="image/x-icon" href="{{ favicon }}" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>{{ title }}</title>
-    <script type="module" crossorigin src="/assets/index-252b88f2.js"></script>
+    <script type="module" crossorigin src="/assets/index-2e11eaf6.js"></script>
     <link rel="stylesheet" href="/assets/index-61492790.css">
   </head>
   <body>